1.30.0 (2024-11-08)
- Make it explicit that there is a network call to MDS to get SecureSessionAgentConfig (#1573) (18020fe)
1.29.0 (2024-10-22)
1.28.0 (2024-10-02)
1.27.0 (2024-09-20)
1.26.0 (2024-09-18)
- Updates UserAuthorizer to support retrieving token response directly with different client auth types (#1486) (1651006)
1.25.0 (2024-09-03)
- ComputeEngineCredentials.createScoped should invalidate existing AccessToken (#1428) (079a065)
- Invalidate the SA's AccessToken when createScoped() is called (#1489) (f26fee7)
1.24.1 (2024-08-13)
1.24.0 (2024-07-09)
- [java] allow passing libraries_bom_version from env (#1967) (#1407) (d92b421)
- Next release from main branch is 1.21.0 (#1372) (23c3cbe)
- Makes default token url universe aware (#1383) (e3caf05)
- Remove Base64 padding in DefaultPKCEProvider (#1375) (1405378)
- Add supplier sections to table of contents (#1371) (9e11763)
- Adds docs for supplier based external account credentials (#1362) (bd898c6)
- Fix readme documentation for workload custom suppliers. (#1382) (75bd749)
1.23.0 (2024-02-05)
- Add context object to pass to supplier functions (#1363) (1d9efc7)
- Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials (#1336) (64ce8a1)
- Adds universe domain for DownscopedCredentials and ExternalAccountAuthorizedUserCredentials (#1355) (17ef707)
- Modify the refresh window to match go/async-token-refresh. Serverless tokens are cached until 4 minutes before expiration, so 4 minutes is the ideal refresh window. (#1352) (a7a8d7a)
- Add missing copyright header (#1364) (a24e563)
- Issue #1347: ExternalAccountCredentials serialization is broken (#1358) (e3a2e9c)
- Refactor compute and cloudshell credentials to pass quota project to base class (#1284) (fb75239)
1.22.0 (2024-01-09)
1.21.0 (2023-12-21)
- Add code sample and test for getting an access token from an impersonated SA (#1289) (826ee40)
- Multi universe support, adding universe_domain field (#1282) (7eb322e)
- Remove -Xlint:unchecked, suppress all existing violations, add @CanIgnoreReturnValue (#1324) (04dfd40)
- Update README.md to link to Cloud authentication documentation rather than AIPs (98fc7e1)
1.20.0 (2023-09-19)
1.19.0 (2023-06-27)
- Expose test-jar and mock classes in oauth2 (12e8db6)
1.18.0 (2023-06-16)
1.17.1 (2023-05-25)
1.17.0 (2023-05-20)
- Adds universe_domain to external account creds (#1199) (608ee87)
- Expose method to manually obtain ADC from gcloud CLI well-known… (#1188) (2fa9d52)
- Updating readme for external account authorized user credentials (#1200) (bf25574)
- Do not expose universe_domain yet (#1206) (9cce49c)
- Improve errors and warnings related to ADC (#1172) (6d2251c)
- Marking 503 as retryable for Compute credentials (#1205) (8ea9445)
1.16.1 (2023-04-07)
- Make supporting classes of AwsCredentials serializable (#1113) (82bf871)
- Remove AWS credential source validation. (#1177) (77a99c9)
1.16.0 (2023-02-15)
- Create and reuse self signed jwt creds for better performance (#1154) (eaaa8e8)
- Java doc for DefaultPKCEProvider.java (#1148) (154c127)
- Removed url pattern validation for google urls in external account credential configurations (#1150) (35495b1)
1.15.0 (2023-01-25)
- Adds external account authorized user credentials (#1129) (06bf21a)
- Expose scopes granted by user (#1107) (240c26b)
- AccessToken scopes clean serialization and default as empty list (#1125) (f55d41f)
- Enforce Locale.US for AwsRequestSignerTest (#1111) (aeb1218)
- Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh (#1131) (326e4a1)
1.14.0 (2022-12-06)
- Add GDCH support (#1087) (cfafb2d)
- Adding functional tests for Compute Engine (#1105) (6f32ac3)
- Introduce Environment Variable for Quota Project Id (#1082) (040acef)
- Next release from main branch is 1.13.0 (#1077) (d56eee0)
- AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars (#1100) (1ff5772)
- Not loosing the access token when calling UserCredentials#ToBuil… (#993) (84afdb8)
1.13.0 (2022-11-15)
- Empty string check for aws url validation (#1089) (6f177a1)
- Validate url domain for aws metadata urls (#1079) (31fe461)
1.12.1 (2022-10-18)
1.12.0 (2022-10-14)
1.11.0 (2022-09-08)
- Add retries to public key fetch (#983) (1200a39)
- Add Test to validate 0x20 in token (#971) (612db0a)
- Change revoke request from get to post (#979) (ead58b2)
- Setting the retry count to default value and enabling ioexceptions to retry (#988) (257071a)
- Updates IdTokenVerifier so that it does not cache a failed public key response (#967) (1f4c9c7)
1.10.0 (2022-08-05)
1.9.0 (2022-08-02)
- expiration time of the ImpersonatedCredentials token depending on the current host's timezone (#932) (73af08a)
1.8.1 (2022-07-13)
1.8.0 (2022-06-27)
- add build scripts for native image testing in Java 17 (#1440) (#923) (bbb51ce)
- Adds Pluggable Auth support (WIF) (#908) (c3e8d16)
1.7.0 (2022-05-12)
- Add ability to provide PrivateKey as Pkcs8 encoded string #883 (#889) (e0d6996)
- Add iam endpoint override to ImpersonatedCredentials (#910) (97bfc4c)
1.6.0 (2022-03-15)
- ImmutableSet converted to List for Impersonated Credentials (#732) (7dcd549)
- update library docs (#868) (a081015)
1.5.3 (2022-02-24)
1.5.2 (2022-02-24)
1.5.1 (2022-02-22)
1.5.0 (2022-02-14)
1.4.0 (2022-01-19)
- (WIF) remove erroneous check for the subject token field name for text credential source (#822) (6d35c68)
- java: add -ntp flag to native image testing command (#1299) (#807) (aa6654a)
- java: run Maven in plain console-friendly mode (#1301) (#818) (4df45d0)
1.3.0 (2021-11-10)
- java: java 17 dependency arguments (#1266) (#779) (9160a53)
- service account impersonation with workforce credentials (#770) (6449ef0)
1.2.2 (2021-10-20)
1.2.1 (2021-10-11)
1.2.0 (2021-09-30)
- allow empty workforce_pool_user_project (#752) (e1cbce1)
- timing of stale token refreshes on ComputeEngine (#749) (c813d55)
- workforce audience (#741) (a08cacc)
1.1.0 (2021-08-17)
- add validation for the token URL and service account impersonation URL for Workload Identity Federation (#717) (23cb8ef)
1.0.0 (2021-07-28)
- updating google-auth-library-java min Java version to 1.8
- GA release of google-auth-library-java (ver 1.0.0) (#704) (3d9874f)
- updating google-auth-library-java min Java version to 1.8 (3d9874f)
- Add shopt -s nullglob to dependencies script (#693) (c5aa708)
- Update dependencies.sh to not break on mac (c5aa708)
0.27.0 (2021-07-14)
- add Id token support for UserCredentials (#650) (5a8f467)
- add impersonation credentials to ADC (#613) (b9823f7)
- Adding functional tests for Service Account (#685) (dfe118c)
- allow scopes for self signed jwt (#689) (f4980c7)
0.26.0 (2021-05-20)
- add
gcf-owl-bot[bot]
toignoreAuthors
(#674) (359b20f) - added getter for credentials object in HttpCredentialsAdapter (#658) (5a946ea)
- enable pre-emptive async oauth token refreshes (#646) (e3f4c7e)
- Returning an issuer claim on request errors (#656) (95d70ae)
0.25.5 (2021-04-22)
0.25.4 (2021-04-15)
0.25.3 (2021-04-12)
0.25.2 (2021-03-18)
- follow up fix service account credentials createScopedRequired (#605) (7ddac43)
- support AWS_DEFAULT_REGION env var (#599) (3d066ee)
0.25.1 (2021-03-18)
0.25.0 (2021-03-16)
0.24.1 (2021-02-25)
0.24.0 (2021-02-19)
0.23.0 (2021-01-26)
- privatize deprecated constructor (#473)
- allow custom lifespan for impersonated creds (#515) (0707ed4)
- allow custom scopes for compute engine creds (#514) (edc8d6e)
- allow set lifetime for service account creds (#516) (427f2d5)
- promote IdToken and JWT features (#538) (b514fe0)
- per google style, logger is lower case (#529) (ecfc6a2)
- privatize deprecated constructor (#473) (5804ff0)
- remove deprecated methods (#537) (427963e)
- replace non-precondition use of Preconditions (#539) (f2ab4f1)
- switch to GSON (#531) (1b98d5c)
- use default timeout if given 0 for ImpersonatedCredentials (#527) (ec74870)
- update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 (#422) (b262c45)
- update dependency com.google.guava:guava to v30.1-android (#522) (4090d1c)
0.22.2 (2020-12-11)
- quotaProjectId should be applied for cached
getRequestMetadata(URI, Executor, RequestMetadataCallback)
(#509) (0a8412f)
0.22.1 (2020-11-05)
- update dependency com.google.guava:guava to v30 (#497) (0551649)
- update dependency com.google.http-client:google-http-client-bom to v1.38.0 (#503) (46f20bc)
0.22.0 (2020-10-13)
0.21.1 (2020-07-07)
0.21.0 (2020-06-24)
- update autovalue packages to v1.7.2 (#429) (5758364)
- update dependency com.google.http-client:google-http-client-bom to v1.35.0 (#427) (5494ec0)
- update Guava to 29.0-android (#426) (0cd3c2e)
0.20.0 (2020-01-15)
0.19.0 (2019-12-13)
- update appengine-sdk to 1.9.76 (#366) (590883d)
- update autovalue packages to v1.7 (#365) (42a1694)
- update dependency com.google.appengine:appengine to v1.9.77 (#377) (c3c950e)
- update dependency com.google.http-client:google-http-client-bom to v1.33.0 (#374) (af0af50)
- remove outdated comment on explicit IP address (#370) (71faa5f)
- xml syntax error in bom/README.md (#372) (ff8606a), closes #371
0.18.0 (2019-10-09)
- make JwtClaims.newBuilder() public (#350) (6ab8758)
- move autovalue into annotation processor path instead of classpath (#358) (a82d348)
0.17.4 (2019-10-08)
- make JwtClaims.newBuilder() public (#350) (6ab8758)
- move autovalue into annotation processor path instead of classpath (#358) (a82d348)
0.17.2 (2019-09-24)
0.17.1 (2019-08-22)
0.17.0 (2019-08-16)
- cleanup unused code and deprecation warnings (#315) (7fd94c0)
- Fix declared dependencies from merge issue (#291) (35abf13)
- throw SigningException as documented (#316) (a1ab97c)
- typo in ComputeEngineCredentials exception message (#313) (1a16f38)
- add Automatic-Module-Name to manifest (#326) (29f58b4), closes #324 #324
- add IDTokenCredential support (#303) (a87e3fd)
- add JwtCredentials with custom claims (#290) (3f37172)
- allow arbitrary additional claims for JwtClaims (#331) (888c61c)
- Implement ServiceAccountSigner for ImpersonatedCredentials (#279) (70767e3)
0.16.2 (2019-06-26)
- Add metadata-flavor header to metadata server ping for compute engine (#283)
- Import http client bom for dependency management (#268)
- README section for interop with google-http-client (#275)
0.16.1 (2019-06-06)
- Update dependency com.google.http-client:google-http-client to v1.30.1 (#265)
0.16.0 (2019-06-04)
- Add google-auth-library-bom artifact (#256)
- Update dependency com.google.http-client:google-http-client to v1.30.0 (#261)
- Update dependency com.google.http-client:google-http-client to v1.29.2 (#259)
- Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.8 (#257)
- Update to latest app engine SDK version (#258)
- Update dependency org.apache.maven.plugins:maven-source-plugin to v3.1.0 (#254)
- Update dependency org.jacoco:jacoco-maven-plugin to v0.8.4 (#255)
- Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.1.2 (#252)
- Update dependency org.apache.maven.plugins:maven-source-plugin to v2.4 (#253)
- Javadoc publish kokoro job uses docpublisher (#243)
0.15.0 (2019-03-27)
- createScoped: make overload call implementation (#229)
- Add back in deprecated methods in ServiceAccountJwtAccessCredentials (#238)
0.14.0 (2019-03-26)
0.13.0 (2019-01-17)
- Use OutputStream directly instead of PrintWriter (#220)
- Improve log output when detecting GCE (#214)
- Overload GoogleCredentials.createScoped with variadic arguments (#218)
- Update google-http-client version, guava, and maven surefire plugin (#221)
0.12.0 (2018-12-19)
- Show error message in case of problems with getting access token (#206)
- Add note about
NO_GCE_CHECK
to metadata 404 error message (#205)
- Update google-http-java-client dependency to 1.27.0 (#208)
- README grammar fix (#192)
- Add unstable badge to README (#184)
- Update README with instructions on installing the App Engine SDK and running the tests (#209)
0.11.0 (2018-08-23)
- Update auth token urls (#174)
- Update dependencies (guava) (#170)
- Bumping google-http-client version to 1.24.1 (#171)
- Documentation for ComputeEngineCredential signing. (#176)
- Fix README link (#169)
0.10.0 (2018-06-12)
- Read token_uri from service account JSON (#160)
- Log warning if default credentials uses a user token from gcloud sdk (#166)
- Add OAuth2Credentials#refreshIfExpired() (#163)
- ComputeEngineCredentials implements ServiceAccountSigner (#141)
- Versionless Javadocs (#164)
- Fix documentation for
getAccessToken()
returning cached value (#162)
0.9.1 (2018-04-09)
- Add caching for JWT tokens (#151)
0.9.0 (2017-11-02)
- Fix NPE deserializing ServiceAccountCredentials (#132)
- Surface cleanup (#136)
- Providing a method to remove CredentialsChangedListeners (#130)
- Implemented in-memory TokenStore and added opportunity to save user credentials into file (#129)
- Fixes comment typos. (#131)
0.8.0 (2017-09-08)
- Extracting the project_id field from service account JSON files (#118)
- Fixing an Integer Overflow Issue (#121)
- use metadata server to get credentials for GAE 8 standard environment (#122)
- Switch OAuth2 HTTP surface to use builder pattern (#123)
- Add builder pattern to AppEngine credentials (#125)
- Fix API Documentation link rendering (#112)
0.7.1 (2017-07-14)
- Mitigate occasional failures in looking up Application Default Credentials on a Google Compute Engine (GCE) Virtual Machine (#110)
0.7.0 (2017-06-06)
- Retry HTTP errors in
ServiceAccountCredentials.refreshAccessToken()
to avoid propagating failures (#100 addresses #91)
- Add
GoogleCredentials.createDelegated()
method to allow using domain-wide delegation with service accounts (#102) - Allow bypassing App Engine credential check using environment variable, to allow Application Default Credentials to detect GCE when running on GAE Flex (#103)